Author: abartlet Date: 2005-12-03 00:47:51 +0000 (Sat, 03 Dec 2005) New Revision: 12037
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=12037 Log: Fix malloc corruption caused by double-free(), where realloc(ptr, 0) is equivilant to free(). This is the issue tridge was seeing in the MEMORY: keytab code. Andrew Bartlett Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_memory.c Changeset: Modified: branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_memory.c =================================================================== --- branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_memory.c 2005-12-03 00:46:23 UTC (rev 12036) +++ branches/SAMBA_4_0/source/heimdal/lib/krb5/keytab_memory.c 2005-12-03 00:47:51 UTC (rev 12037) @@ -214,9 +214,15 @@ krb5_clear_error_string (context); return KRB5_KT_NOTFOUND; } - e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); - if(e != NULL) - d->entries = e; + if (d->num_entries == 0) { + free(d->entries); + d->entries = NULL; + } else { + e = realloc(d->entries, d->num_entries * sizeof(*d->entries)); + if(e != NULL) + d->entries = e; + } + return 0; }